By Byron V. Acohido
When Facebook founder Mark Zuckerberg infamously declared that privacy “is no longer a social norm” in 2010, he was merely parroting a corporate imperative that Google had long since established.
Canada and Europe require corporations to give individuals the clear choice to “opt in” to any services that collect behavioral data useful for profiling an individual. But in the USA, America’s tech and media behemoths have established ground rules that essentially deprive consumers of long-held, hard-won notions of privacy shaped over two World Wars, namely the right to be left alone.
Related article: Parents sue to stop companies from ‘kid-spying’
For the most part, America consumers have meekly acquiesced. We’ve been trained to instantly acknowledge and accept privacy terms and conditions that would never fly anywhere else in the world; this is the price we’ve agreed to “pay” for access to “free” Internet-based services.
That said, the pendulum may slowly be swinging the other way. More than 80 percent of U.S. respondents surveyed by legal firm Morrison & Foerster said they decided not to make a purchase because of privacy concerns. Five years ago, that number was less than 50 percent. LastWatchdog asked Cisco’s Chief Privacy Officer, Michelle Dennedy, to put this nascent privacy trend into a wider context.
LW: Most people agree to privacy terms without much hesitation. Why has this become so?
Dennedy: Convenience, speed, and the attitude of “what choice do I really have?” We tend to accept that agreeing to the terms is the de facto if we want to play in the real world.
LW: What are a couple of typical business practices people would be surprised to learn they are subjected to when agreeing to privacy terms?
Dennedy: You might be surprised to learn how porous the situation is today. Businesses routinely share their customers information with third parties. This is more complex than most people understand and there is no “easy button.” Businesses collect more and more data because they need to know their customers.
Legally, businesses use privacy statements to protect themselves—it’s about doing their due diligence. Then from the user’s perspective, we worry that businesses are using our information to change the experience in ways we might not like, for example, sending us specific ads based on our web history. But it’s not all negative. Responsible companies also gather information to improve experiences and services for customers.
LW: Where is privacy in the U.S. heading in 2018?
Dennedy: As businesses become more aware of all the data they have, they will have to be more accountable to their boards and customers. This is a good thing. More awareness is a benefit from all the heightened scrutiny. We’ll see more awareness of how good privacy and data protection practices improve the bottom line. There will be more pressure on businesses to get their houses in order and get rid of data they don’t need.
Unfortunately, awareness alone won’t curtail the abuses and we will always need to be vigilant. With the recent high-profile breaches, I’m afraid the horse has left the stable and many of us may feel fatigued, or even helpless. But at the same time, people are definitely more interested in cybersecurity, data protection and privacy.
LW: Can and should more companies make respecting privacy part of their business model?
Dennedy: Absolutely, yes. Our research shows a correlation between good privacy practices and good business practices. More mature privacy policies and practices are good for business because they lead to trust in the brand and an improvement to the bottom line.
LW: What advice do you have for individual U.S. citizens, given the current landscape?
Dennedy: Look at your data assets, or personal information, in the same way you look at your financial assets—that includes at work, at home, at play, and in your spiritual life! We’re still in the early days when it comes to having strong policies and privacy practices in place. This isn’t going to end in May 2018 when the EU begins enforcing the General Data Protection Regulation (GDPR). This kind of tension between technology and innovation has always existed. This is not easy to do, but we persist, not so much for this generation as for the next.